Autor: Chris Edwards Data: Dla: exim-users Temat: Re: [Exim] DOS problem (?)
On Fri, 5 Sep 2003, Alun wrote:
| -- | | Dear all, | | As of Monday, we have (finally!) been running Exim 4. I have to say I'm well
| impressed with the ACL stuff - a lot of the hacks we had to do cunning stuff
| under Exim 3 have just turned into simple ACL rules. Neat! | | However... | | Yesterday afternoon, we were hit hard by a single machine trying to
| establish connections at the rate of around 22 per second sustained. I
| already had: | | smtp_accept_max = 200
| smtp_accept_max_per_host = 10 | | and it appeared to be working to some degree: | | 2003-09-04 14:45:13 Connection from XXX.XXX.XX.X refused: too many
| connections
That's interesting.
When our "smtp_accept_max" is exceeded, exim logs:
Connection from 130.209.16.11 refused: too many connections
When our "smtp_accept_max_per_host" is exceeded, exim logs:
Connection from 130.209.16.11 refused: too many connections from that IP address
Note the "from that IP address" bit. This implies its your
smtp_accept_max limit that was being reached. Any idea how many
connections were active ? What did "exiwhat" return ?
--
Chris Edwards, Glasgow University Computing Service